CVE-2019-11480
8.4
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
The pc-kernel snap build process hardcoded the –allow-insecure-repositories and –allow-unauthenticated apt options when creating the build chroot environment. This could allow an attacker who is able to perform a MITM attack between the build environment and the Ubuntu archive to install a malicious package within the build chroot. This issue affects pc-kernel versions prior to and including 2019-07-16
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Canonical | pc-kernel | unspecified <= 2019-07-16 | affected |
Weaknesses
- CWE-353: CWE-353: Missing Support for Integrity Check
ADP Enrichment
CVE Program Container
Additional References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11480
- https://bugs.launchpad.net/bugs/1836041
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11480
- https://bugs.launchpad.net/bugs/1836041
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.